7 matches found
Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to XSS Vulnerability
Exploit Title: Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting XSS Exploit Author: Mostafa Farzaneh WPScan page: https://wpscan.com/vulnerability/95f92062-08ce-478a-a2bc-6d026adf657c Vendor Homepage:...
Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS)
Exploit Title: Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting XSS Date: 2022-05-25 Exploit Author: Mostafa Farzaneh WPScan page: https://wpscan.com/vulnerability/95f92062-08ce-478a-a2bc-6d026adf657c Vendor Homepage:...
Calendar Event Multi View 1.4.07 Cross Site Scripting
Exploit Title: Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting XSS Date: 2022-05-25 Exploit Author: Mostafa Farzaneh WPScan page: https://wpscan.com/vulnerability/95f92062-08ce-478a-a2bc-6d026adf657c Vendor Homepage:...
CVE-2022-2846
The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and...
CVE-2022-2846 Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS
The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and...
CVE-2022-2846 Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Creation to Stored XSS
The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and...
CVE-2022-2846
The CVE-2022-2846 concerns the Calendar Event Multi View WordPress plugin prior to version 1.4.07. Root cause: missing authorization, CSRF protections, and insufficient sanitisation/escaping in event creation fields. Impact: unauthenticated attackers can create arbitrary events and inject Cross-S...